Prune has to connect to your registry server directly to delete blobs, and the registry does not support certificate based auth. The most consistent path would be to use a service account that had the appropriate permissions and get its token with "oc serviceaccounts get-token".
On Mon, Dec 5, 2016 at 3:08 PM, Srinivas Naga Kotaru (skotaru) < [email protected]> wrote: > Am also interested to know the answer. > > > > Am thinking we don’t need token for oadm command since it doesn’t use > tokens or oauth based authentication. Since it is installed with root > privileges, we are using sudo oadm command to executive commands. > > > > # sudo oadm prune builds --orphans --confirm > > NAMESPACE NAME > > java-hello-universe os-sample-java-web-1 > > upgrade upgrade-1 > > sujchinncae-test django-1 > > > > We’re not running internal registry for builds. Am not sure we still need > to run prune operations in this scanario. > > > > -- > > *Srinivas Kotaru* > > > > *From: *<[email protected]> on behalf of Den > Cowboy <[email protected]> > *Date: *Monday, December 5, 2016 at 12:37 AM > *To: *"[email protected]" <[email protected] > > > *Subject: *authentication for oadm prune in cron job > > > > We are able to delete old deployments + old images (also inside the > registry) with our oadm prune commands. > We want to put this in cronjobs. But to perform oadm commands we need to > be authenticated. Which is the best way to authenticate in a cron job? > > > At the moment we have 1 admin account (with cluster-admin permissions) + > we have the system:admin account. > > Do we need a new account (or service account) for our cronjobs and which > permission would we need? > > > > Thanks > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
